1 / 25

Designing a Publish Subscribe Substrate for Privacy/Security in Pervasive Environments

This paper discusses the design of a publish-subscribe system that ensures privacy and security in pervasive environments, such as RFID tags, sensors, and location-based services.

ahowe
Download Presentation

Designing a Publish Subscribe Substrate for Privacy/Security in Pervasive Environments

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Designing a Publish Subscribe Substrate for Privacy/Security in Pervasive Environments Lukasz Opyrchal Miami University Oxford, OH Atul Prakash University of Michigan Ann Arbor, MI Amit Agrawal Indian Institute of Technology New Delhi, India

  2. Introduction • Emerging pervasive applications • RFID tags and other sensors • Tracking objects, people, etc. • Cell phones • Location-based services • Privacy concerns • People do not wish to have their movements available to everyone1 1 R. J. Harper, 1995

  3. Privacy • The ability of an individual to control the terms for acquisition and usage of their personal information • How to build applications and services while providing means to users to have control over the conditions of distribution of their data

  4. Policies we are interested in • Environment-dependent sharing • Share info at certain times, • Share info in certain locations, • Share info during special events, etc. • Privacy-protected access to services • Location-based notification • Without revealing ones location

  5. Rest of presentation • Content-based publish subscribe • Policy model • Prototype publish subscribe system • Location tracking application

  6. Publish Subscribe Systems subscriber publisher subscriber subscriber subscriber brokers publisher subscriber subscriber subscriber

  7. Content-Based Publish Subscribe • SIENA, Elvin, Hermes • IBM: Gryphon • Microsoft: Herald • Only rudimentary security solutions exist

  8. Policy Dimensions • Authorization/Authentication • existing solutions (Kerberos, certificates, etc.) • Access Control • conditions under which an action can be performed • historically – coarse-grained • Data Security • security guarantees (confidentiality, integrity, sender authenticity, etc.) • Granularity of Security Guarantees • explained later

  9. Entities • Administrators • “high level” control over applications • Owners • can authorize other entities to perform actions • Publishers • Subscribers • users, application, services (event filters) • Event Delivery System • broker network

  10. Entities • Application • application administrator • consists of multiple event types • LOC_APP application: • LOC_INFO and LOC_SERVICE event types • Event type • describes event schema • Owner • can authorize others to subscribe, receive and modify policy for its events • one or more owners per event type

  11. Policy Language • Based on KeyNote [RFC 2704] • Fields: • Authorizer • Licensees • Conditions • Signature

  12. Sample Rules Authorizer: “POLICY” Licensees: admin Conditions: (app_domain == “LOC_APP”) -> “true”; Authorizer: admin Licensees: joe Conditions: (app_domain == “LOC_APP”)&& (evtType == “LOC_INFO”) && (user == “joe”) && (owner == “joe”) -> “true”;

  13. Access Control • Actions • authenticate • advertise • publish • subscribe • receive • change policy

  14. Restricting Delegations • admin delegates ownership rights to joe • joe delegates only “SUBSCRIBE” and “RECEIVE” • rights to alice

  15. Advertisements • Application • Event type • Attribute names • Owner • Access control • Data security • Granularity

  16. Access Control • No-control • Subscribe-time • Only check subscription requests • Receive-time • Check before events are delivered • Receive-Subscribe-time

  17. Granularity of Security Guarantees • System granularity • confidentiality required • no access control • protect from system outsiders • Event-type granularity • authorization for all events of a type • once authorized a user can read all events of that type • Matching-set granularity • determine set of interested and authorized subscribers for each event • only subscribers from that set can gain access • each event encrypted for a different subset of subscribers

  18. System • Implemented in Java • Supports any number of applications and event types • Advertisements read at start-up • External attributes • Event schema • List of attributes • All attributes - String [LOC_INFO: (user, building, room)] • Subscriptions • Only equality implemented (others trivial to add) (user == “alice” && building == EECS && room == “*”)

  19. Architecture

  20. Is S2 OK? Is S1 OK? Send E to S1 Send E to S1 Publish E Is ok? Publish E No OK OK Architecture Publish E Match E S1, S2, …

  21. Location-Tracking Application

  22. Location-Tracking Application • Event schema: [LOC_INFO: (user, building, room)] • Sensors • planned - RFID • currently – event generator • Privacy policies • users own event about them • allow others to receive your events • based on event attributes and external attributes

  23. Eve authorizes everybody to receive her events but only when Eve and the subscriber are in the same room. Authorizer: Eve Conditions: (app_domain == “LOC_APP”) && (evtType == “LOC_INFO”) && (owner == “Eve”) && (action == “RECEIVE”) && (building == extBuilding) && (room == extRoom) -> “true”; location_admin is the administrator of LOC_APP application Authorizer: POLICY Licensee: location_admin Conditions: (app_domain == “LOC_APP”) -> “true”;

  24. Conclusion and Future Work • Flexible support for complex privacy policies • Services (such as privacy filters) • Publisher/subscriber • Restricting delegation • Support for contract signing • Support for archived events

  25. Questions? opyrchal@muohio.edu aprakash@eecs.umich.edu csu2103@cse.iitd.ernet.in

More Related